Re: [Hampshire] Your Set Up

Author: Adam Trickett
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Your Set Up

gpg: Signature made Sat Feb 24 18:14:53 2007 GMT
gpg: using DSA key 019AD0D8166C4BF0
gpg: Can't check signature: No public key
On Saturday 24 February 2007 17:57, Andy Smith wrote:
> On Sat, Feb 24, 2007 at 04:54:07PM +0000, Philip Stubbs wrote:
> > Sorry, that was not meant to be a joke. I know that obscurity is not
> > considered a serious security method by lots of people, but I can't
> > see that it would hurt to 'keep your head down'.
>
> Security through obscurity gets an undeservedly bad name. The
> original quote "security through obscurity is an illusion" was
> strictly in the context of crypto algorithms, not meant to apply to
> the whole arena of security in general.
>
> In the real world it is used a lot, and not always foolishly.


The problem with security through obscurity is that it's always best to assume
that the attacker knows at least as much as you do. In which case security
through obscurity is no security at all.

It is a good way of keeping the noise from script kiddies down. Moving SSH off
the well known port won't keep a determined cracker out, but it will cut down
the din from the kiddies.

A lot of firms worry about security in an unproductive manner. For years
we had to change the root password on the AIX boxes monthly, but were allowed
to use rlogin as root without a problem...

Security is a process not a state and you need both depth and breadth, it's
not a tick the box and move on activity...

--
Adam Trickett
Overton, HANTS, UK

The Politician is an acrobat: he keeps his balance by saying
the opposite of what he does.
    -- Maurice Barres